Wikipedia:Village pump (technical)

Policy

Technical

Proposals

Idea lab

WMF

Miscellaneous

• Table of contents
• First discussion
• End of page
• New post

Shortcuts

• WP:VPT
• WP:VP/T
• WP:TECHPUMP
• WP:PUMPTECH

The technical section of the village pump is used to discuss technical issues about Wikipedia. Bug reports and feature requests should be made in Phabricator (see how to report a bug). Bugs with security implications should be reported differently (see how to report security bugs).

If you want to report a JavaScript error, please follow this guideline. Questions about MediaWiki in general should be posted at the MediaWiki support desk. Discussions are automatically archived after remaining inactive for five days.

view · edit Frequently asked questions (see also: Wikipedia:FAQ/Technical) Click "[show]" next to each point to see more details. If something looks wrong, purge the server's cache, then bypass your browser's cache. This tends to solve most issues, including improper display of images, user-preferences not loading, and old versions of pages being shown. No, we will not use JavaScript to set focus on the search box. This would interfere with usability, accessibility, keyboard navigation and standard forms. See task 3864. There is an accesskey property on it (default to accesskey="f" in English). Logged-in users can enable the "Focus the cursor in the search bar on loading the Main Page" gadget in their preferences. No, we will not add a spell-checker, or spell-checking bot. You can use a web browser such as Firefox, which has a spell checker. If you have problems making your fancy signature work, check Help:How to fix your signature. If you changed to another skin and cannot change back, use this link. Alternatively, you can press Tab until the "Save" button is highlighted, and press Enter. Using Mozilla Firefox also seems to solve the problem. If an image thumbnail is not showing, try purging its image description page. If the image is from Wikimedia Commons, you might have to purge there too. If it doesn't work, try again before doing anything else. Some ad blockers, proxies, or firewalls block URLs containing /ad/ or ending in common executable suffixes. This can cause some images or articles to not appear. For server or network status, please see Wikimedia Status. If you cannot reach Wikipedia services, see Reporting a connectivity issue.

« Archives, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217

Is there any bot on Wikipedia that will check an article for sources that are used multiple times (and could be combined)?   ▶ I am Grorp ◀ 22:26, 16 December 2024 (UTC)[reply]

There is a tool available at https://yabbr.toolforge.org/ that helps combine duplicate references. – DreamRimmer (talk) 02:12, 17 December 2024 (UTC)[reply]

Looks like that's a different function. It finds articles where someone has twice named a citation using the same refname. I'm looking for something which finds duplicate URLs, so that I can combine them into one [named] citation that can be referred to multiple times.   ▶ I am Grorp ◀ 02:20, 17 December 2024 (UTC)[reply]

Wikipedia:ReFill is also helpful in combining duplicate references, but it is mainly used for fixing bare references. – DreamRimmer (talk) 02:38, 17 December 2024 (UTC)[reply]

That sounds like the ticket! I'll give it a try.   ▶ I am Grorp ◀ 02:48, 17 December 2024 (UTC)[reply]

@Grorp: There's User:Polygnotus/DuplicateReferences, but I've not used it myself. I did come across it here, inspiring me to do this. --Redrose64 🌹 (talk) 21:04, 17 December 2024 (UTC)[reply]

@Redrose64: Thanks! I've tried it out and it works great.   ▶ I am Grorp ◀ 03:34, 19 December 2024 (UTC)[reply]

I am seeking consensus on a proposal to develop and deploy a bot to help block VPNgate IP addresses used by a particular WP:LTA. For WP:DENY/WP:BEANS reasons, I cannot provide full details, but users familiar with the LTA in question will understand the context.

I have tested several VPNgate IPs, and very few of them are currently blocked. According to Wikipedia's policy on open proxies and VPNs (per WP:NOP), these should be blocked. Given the volume of VPNgate IPs, I propose using a bot to automate this process.

This is building off this discussion on WP:BOTREQUESTS.

I am posting here to gauge consensus needed for a WP:BRFA.

I propose a bot to automate blocking these VPNgate IPs using the following steps:

1. The bot will use this list provided by VPNgate, which contains OpenVPN configuration files in Base64 format. The provided "IP" value is only the one that your computer uses to talk to the VPN (and sometimes wrong), not the one used for the VPN to talk to Wikipedia/external internet - this requires testing to uncover.
2. The bot will iterate through each config file and use OpenVPN to test if it can connect. If successful, it will then use the VPN to send a request to this WhatIsMyIPAddress API to determine the real-world IP address used by each VPN to connect to Wikipedia. This is sometimes the same as the IP used to talk to the VPN - but sometimes completely different, see the demo edit I did using VPNgate on the Bot Requests discussion linked above and I also did one as a reply to this post. Also, testing is needed before blanket blocking because VPNgate claim to fill the list with fake IPs to prevent it from being used for blocking, again see the BR discussion.

Blocking or Reporting:

• If the bot is approved as an admin bot, it will immediately block the identified IPs or modify block settings to disable TPA (see Yamla's recent ANI discussion per the necessity for this) and enable auto block.
• If the bot is not approved to run as an admin bot, it will add the IPs to an interface-protected JSON file in its userspace for a bot operated by an admin to actually do the blocking.

• I have already developed and tested this bot locally using Pywikibot. I have tested it on a local MediaWiki install and it successfully prevents all VPNgate users from editing (should they not be IP block exempt).
• I’m posting here to gauge broader community consensus beyond the original WP:BOTREQUESTS discussion.

• Oppose: Object to the bot proposal. Feel free to explain why.
• Support options:

1. Admin Bot (admin given code): An admin will run the bot, and I will provide the code for them to run, as well as desired environment setup etc. and will need to send any code changes or packages updates to them to perform. Admin needs to be quite technically competent.
2. Admin Bot (admin gives me token): An admin provides me with the bot token (scoped per Anomie below) of a newly created account only for this purpose, allowing me to run the code under myself on Toolforge and fully manage environment setup (needs install and config of multiple python and brew packages not needed for standard pywikibot) as well as instantly deploy any needed code changes or dependency updates without bottlenecks. Admin only needs to know how to use Wikipedia UI and navigate to Special:BotToken, check some boxes, and then submit.
3. Admin Bot (I run it): For this specific case I am permitted to run my own admin bot. Withdrawn per Rchard2scout and WMF viewdeleted policy.
4. Bot without Admin Privileges: The bot will report IPs for potential blocking without admin privileges. Not recommended per large volume. Withdrawn per 98 IPs/hour volume, too much for a human admin.
5. Non-admin bot v2 (preferred by me): My bot, User:MolecularBot is not an admin bot. It can, however, add IP addresses that it finds are the egress of open VPNgate proxies to User:MolecularBot/IP HitList.json (editable only by the bot and WP:PLIERS/interface admins). This means I can run the code for it and manage the complex environment. An admin's bot will be running the uncomplicated code (doesn't require the complex environment and OpenVPN setup for this bot) to just monitor that page for changes and block any IPs added.

• Oppose for now. From reading that discussion, it looks like the IPs available through the API are only the "ingress" IPs, which is what you connect to on their side when using the VPN (and even then, it seems like the VPN client might sometimes use another IP instead?). If there's actually a publicly available list of outgoing IPs available, I'd be very surprised. From an operational standpoint, those IPs don't need to be public, and if they are, that's a serious error on their side. If we do somehow get our hands on a list, I'd be in favour of option 1. There's plenty of admins available who are able to run bots. --rchard2scout (talk) 08:37, 17 December 2024 (UTC)[reply]

  Hi rchard2scout, I think you misunderstand the bot. The bot connects to each "ingress" IP and then finds out the "egress" IP that it uses by sending a request to a "what is my IP address API" (not associated with VPNGate in any way), then blocking the egress. This fully disables VPNgate on my local instance of MediaWiki. Thus, a list of egress IPs are not required, because it makes it own by connecting to each of the ingress ones and sending a request. I apologize if my documentation wasn't clear. MolecularPilot ^{🧪️✈️} 08:44, 17 December 2024 (UTC)[reply]

  Noting that I currently do have a complete list of "egress" IPs from my local run of the bot, so should I take your vote as a support of option 1 like you stated? Thank you. MolecularPilot ^{🧪️✈️} 08:45, 17 December 2024 (UTC)[reply]

  Oops, you're right, I somehow missed this. Hadn't had my first coffee yet ;). Striking, adding new vote.

  That's so fine, my brain is a little laggy in the early morning as well! My technical/documentation writing probably needs some work as well, it's not my best skill (anyone please feel free to edit this post and make it clearer, if it's wrong I'll just fix it). Thank you for your time in reviewing this even though it's still the early morning where you are! :) MolecularPilot ^{🧪️✈️} 09:38, 17 December 2024 (UTC)[reply]

• Support option 1. Options 2 and 3 are probably incompatible with our local and WMF policies, because an admin bot can do anything an admin can do, and you haven't gone through RfA, so you're not allowed access to rights like viewdeleted. Or (@ anyone who know this) are OAuth permissions granular enough that an admin can generate a token that allows a bot access to block but not to other permissions? In any case, I think option 1 is the easiest and safest way, there's plenty of admins available who are able to run bots. --rchard2scout (talk) 08:59, 17 December 2024 (UTC)[reply]

  Hi Rchard2scout, thank you for your new comment and feedback. I hope your morning is going well! Ah yes viewdeleted, silly me to forget about that (I have the opposite problem as you before, it is far too late at night where I live!), I do recall it from someone else's declined proposal of admin sortion, I've struck Option 3 now per WMF legal policy. Re OAuth permissions, I know from using Huggle that when you create a bot token there's a very fine grained list of checkboxed for you to tick, and "block" is in fact one of them, so it is that granular as to avoid all other admin perms, I've expanded Option #2 above to clarify this and more circumstances. I do believe this would be my preferred option, per the reasons I've placed in my expansion, but are really happy with anything as long as we can deal with this LTA. Anyway, enjoy your morning! MolecularPilot ^{🧪️✈️} 11:29, 17 December 2024 (UTC)[reply]

  There's no grant allowing block but no other permissions. The minimum additional admin permissions would be block, blockemail, unreviewedpages, and unwatchedpages. Anomie⚔ 12:33, 17 December 2024 (UTC)[reply]

  Support option 5 as well, and that doesn't even need a BRFA or an RFC. We do then need consensus for the adminbot part of that proposal, so perhaps this discussion can focus on that. --rchard2scout (talk) 10:19, 18 December 2024 (UTC)[reply]

• Option 1. I believe this is the only option allowed under policy. Admins need to run admin bots. This RFC is a bit complicated. Usually an RFC of this type would just get consensus for the task ("Is there consensus to run a bot that blocks VPNGate IP addresses?"), with implementation details to be worked out later. –Novem Linguae (talk) 12:09, 17 December 2024 (UTC)[reply]

  Option 5 is fine if the bot doesn't need to do any blocking and is just keeping a list up-to-date. Don't even need this RFC or a BRFA if you stick the page in your userspace (WP:EXEMPTBOT). –Novem Linguae (talk) 09:50, 18 December 2024 (UTC)[reply]

• I'd like to suggest an alternative approach: Write a bot or Toolforge tool that generates a data feed of IP addresses, starting with VPN Gate egress IP addresses, perhaps including the first seen timestamp and last seen timestamp for each egress. The blocking and unblocking portion of the process is relatively simple and a number of administrators could write, maintain, and run a bot that does that. (I suspect most administrators that run bots would prefer to write their own code to do that.) Daniel Quinlan (talk) 23:04, 17 December 2024 (UTC)[reply]

  Well, I started writing this suggestion before option 5 was added. Since it looks like this is basically the same as that option, put me down as being in favor of Option 5. Daniel Quinlan (talk) 23:15, 17 December 2024 (UTC)[reply]

  • Hahaha, great minds think alike I guess! Thank you for your input. :) MolecularPilot ^{🧪️✈️} 09:33, 18 December 2024 (UTC)[reply]
• Courtesy ping for Rchard2scout and Novem Linguae notifying them of the new preferred option 5 above, which I believe makes everything easier for both myself and the admin who wishes to help me (I'll leave a note on AN asking nicely once BRFA passes for MolecularBot). Also, Skynxnex, you expressed support for option 5 below, did you mean to format that as a support !vote in this section (my apologies for the confusing layout of everything here). Thank you very much to everyone for your time in reviewing this proposal and leaving very helpful feedback. MolecularPilot ^{🧪️✈️} 09:33, 18 December 2024 (UTC)[reply]

  I don't feel like I've thought about the different aspects to do a bolded !vote yet. Skynxnex (talk) 15:07, 18 December 2024 (UTC)[reply]

  That's so fine, thank you anyway for your feedback! :) MolecularPilot ^{🧪️✈️} 23:07, 18 December 2024 (UTC)[reply]

• Hey, it's me, User:MolecularPilot on VPNgate. This VPN is listed as 112.187.104.70 on VPNgate cause that's what my PC talks to. But, this VPN when talking to Wikipedia, uses 121.179.23.53 as shown which is completely different and not listed anywhere on VPNgate, showing the need for actually testing the VPNs and figuring out the output IPs are my bot does. Can this IP please be WP:OPP blocked? 121.179.23.53 (talk) 06:22, 17 December 2024 (UTC)[reply]
  • Can confirm this is me! :) MolecularPilot ^{🧪️✈️} 06:24, 17 December 2024 (UTC)[reply]
• There is a relevant Phabricator ticket: T380917. – DreamRimmer (talk) 12:02, 17 December 2024 (UTC)[reply]
• I don't think non-admins can run admin bots. Perhaps you would like to publicly post your source code, then ask an admin to run it? cc Daniel Quinlan. –Novem Linguae (talk) 12:05, 17 December 2024 (UTC)[reply]
• I don't think blocking a single VPN provider will have the effect people want it to have. It's easy for a disruptive editor to switch VPNs. This is really a problem that needs to be solved by WMF. Daniel Quinlan (talk) 15:45, 17 December 2024 (UTC)[reply]

  Hi Daniel Quinlan, I guess I didn't make this clear enough in the post but this is designed to work with existing WMF proposals that are being worked on. Both T380917 and T354599 block/give higher edit filter scrutiny based on existing lists of "bad" IPs, this is the same as the old ST47ProxyBot (which actually does scanning but doesn't monitor "egress" IPs, it only attempts to connect to the "ingress" and then blocks it if successfully). This is great for a wide variety of proxy services because ingress/egress is the same, but for modern, more advanced services like VPNgate (and perhaps some services that because a problem for us in future) the ingress IP address is often not the same as the one used to edit Wikipedia, and so requires this solution (this bot). I'll admit that blocking VPNgate won't fully stop this LTA or all proxy vandals but VPNgate is quite a large and widely used network (claiming a total of 18,810,237,498 lifetime connections) that is currently almost fully permitted to edit Wikipedia, and by blocking it this significantly reduces the surface area for proxy attacks. This also creates the infrastructure for easily blocking any future VPN services that use different ingress/egress IPs - the bot can be easily expanded to use new lists. MolecularPilot ^{🧪️✈️} 21:14, 17 December 2024 (UTC)[reply]

• What is the actual expected volume per day of new IPs to block? It looks like the current list has 98 ingress IPs (if I'm understanding the configuration blocks correctly). I'll also say I have pretty strong concerns about sharing "personal" tokens of any kind between users, particularly admin permission ones with non-admins. Skynxnex (talk) 19:48, 17 December 2024 (UTC)[reply]

  The list available through this API frequently rotates. It only provides 98 ingress IPs at a time, as you stated and refetching the list without [some duration of time, from my estimates it's around 1 hour] passing returns the same 98 IPs. After 1 hour (estimated) passes, a new 98 IPs are randomly selected to be provided to all users - but these may include some of the same IPs as before because they are picked by random selection from the whole list of 6057 (not available to the public), this has happened a couple times during my data gathering. Therefore re volume per hour, the maximum number of IPs to be blocked is 98, but it could be less due to already blocked IPs being included in that given hour's sample of 98, I hope this makes sense if there's anything that needs clarifying please don't hesitate to ask. MolecularPilot ^{🧪️✈️} 21:34, 17 December 2024 (UTC)[reply]

  Re "personal" tokens it's actually not a "personal" token to the admin's account, it would be (in theory) a token to an adminbot account with the only things it can be used for being those helpfully specified by Anomie above. However, regardless I see the concerns so I've added a proposal 5 which hopefully is a decent compromise above and ensures that I don't have access to any admin perms/tokens, but that there aren't any bottlenecks and that admins don't need to setup a complex running environment. Thank you for your time in commenting, Skynxnex. MolecularPilot ^{🧪️✈️} 22:23, 17 December 2024 (UTC)[reply]

  I see bot tokens as fairly similar to personal tokens since bots are associated with an operator. I think proposal 5 has promise. Skynxnex (talk) 23:08, 17 December 2024 (UTC)[reply]

  VPN Gate claims they have about 6,000 servers which is fairly close to my own estimate of how many IPs they are using. If we block each IP for six months, we'd end up averaging about 33 blocks per day. There would be a pretty large influx at the start, but I would want to spread that out over at least several weeks to avoid flooding the block log as badly as ST47ProxyBot did. Daniel Quinlan (talk) 23:10, 17 December 2024 (UTC)[reply]

  It's worth noting that an unknown amount of 'servers' are user computers that people have volunteered cpu time for (this information is somewhere on the website), so, like we see often with IP users, the IP that each server uses can and likely will change with time. This doesn't mean that an effort like this bot won't help, of course, but it's unknown how effective (as a percentage) it would be with just 33 blocks a day. – 2804:F1...33:D1A2 (::/32) (talk) 23:47, 17 December 2024 (UTC)[reply]

  33 blocks per day is a rough estimate, not a limit. Certainly there will be some delay when adding entries to any list generated as proposed above so the block rate will never reach 100%, but the egress IPs don't seem to change that much over time based on what I've seen. Daniel Quinlan (talk) 00:09, 18 December 2024 (UTC)[reply]

  So, I'm posting this anonymously through VPNGate because I don't want people to start suspecting me of things just because I admit to having used a VPN service some others are abusing to make disruptive edits here. Due to its strong base in Japan, I've used VPNGate many times in order to shop at Japanese web stores that block purchases from outside Japan (they typically don't want to offer international support and see this as the easiest solution for avoiding that), and I know a number of other people who've used it for similar reasons (also for Korea, which often has even more hosts available than Japan).
  

  In any case, while I've personally never enabled this on my PC, I can confirm what IP 2804: said: there's definitely a swarm of short-term volunteer IPs associated with this service who aren't part of VPNGate proper. The overlap between such people and good faith Wikipedia editors may not be large, but it's unlikely to be zero. Unless you have a good mechanism to avoid excessively punishing such users for popping up on your list for the short period of time they themselves use the VPN, maybe it's better to wait for and official WMF solution, which (based on the phabs) seems to intend to take "IP reputation" into account and would thus likely exclude such ephemerals, or at least give them very short term blocks compared to the main servers. Because getting blocked here for several months for having been part of VPNGate for a few hours hardly seems fair.
  

  Actually, now that I think about it: if you're going to connect to VPNGate servers for the express purpose of determining and blocking their exit IPs, you'd probably be in violation of their TOS. While you might consider this an "ends justifying the means" situation, are you sure you want to associate the WMF with such unauthorized usage? There's a difference between port scanning or getting an IP list via an API and actually traversing the VPN in order to investigate it. This absolutely is not a legal threat by me, but if VPNGate were to learn of this, I wouldn't be surprised if they took action. Aren't there enough services out there that provide VPN IP lists without having to roll your own scanner? It would seem a safer bet for the WMF to use something like that. 125.161.156.63 (talk) 16:05, 19 December 2024 (UTC)[reply]

  Oh, you didn't have to anonymise yourself, we don't cast WP:ASPERSIONS here and now you won't get a reply notification but that's okay! :) I checked the terms of service of their website before making their bot and it just says not to do anything IRL illegal otherwise they'll give your logged data to authorities if subpoenaed, but I will reach out to the VPNgate operators in Japanese (good practice opportunity, huh) when I have time just to double-confirm they're okay with everything. But btw, they encourage checking that your IP has changed to demonstrate it has worked in their how-to-guides, and this isn't 'tranaversing" as we're not collecting data on every single node but only the public IP of the exit node. Re short-term volunteers, that's a great point, and I'll update the JSON schema of its published data to include a "number of sightings" number, so that the blocking adminbot would escalate blocks as this increases so maybe it starts really short term like 2.5 days/60 hours (6000 active volunteers on average, divided by 100 checked every hour, minimum time to ensure the IP has truly stopped) if it's just 1 sighting but ramps up exponentially if it's seen again as an egress IP untill we're talking like 6months - 2 years blocks. Re WMF tickets, the distributed fact of VPNgate that anyone can start hosting means that most VPNgate IP addresses won't have a bad "reputation" (I checked a whole bunch on a variety of reputation lists and the egresses always had "good"" reputations) so reputation checking won't help (but they need short term blocks), also as you can't publically see the egress with VPNgate cause it's different to ingress (unlike most networks). So WMF solutions are actually quite innovative and smart for most VPN/proxy networks, it's just that VPNgate is a bit different needing a unique solution, this bot. MolecularPilot ^{🧪️✈️} 04:43, 20 December 2024 (UTC)[reply]

  I guess I'm just too careful or chicken even if most people would refrain from casting aspersions.
  

  I don't quite understand why you say you're not traversing. You're not just touching the network from one side, you're passing through it and coming out on the other side, that's traversing. However if they don't mind it, then I guess you're in luck. Ecxept maybe if those Japanese laws they mention a mllion times in their documents have a problem with something like this.
  

  I don't know what the WMF is basing its reputation measurements on. My meaning was that sites like browserleaks.com almost always seem to know about the VPN status of the exit nodes I've used over time. I don't know where they're getting this information from exactly, but that's what I meant by reputation, not whether they're good or bad but what they're known to engage in, like being a VPN node. And that database is probabably built either through collaboration or by specialized services, which the WNF can use as well. Like email providers use common antispam databases instead of each rolling their own.
  

  In any case, good luck with your bot, because I'm afraid these persistent abusers you want to keep out by this probably won't be averse to paying for commercial VPNs if they have to, and many of those only cost a handful of bucks a month. Commercial companies will almost certainly have a TOS that would prohibit your bot, so to counter them the WMF would in the end still have to resort to a specialist or collaborative VPN IP list of some kind. You can probably cut down on casual troublemakers by tracking VPNGate but I don't think it'll help all that much much against anyone highly motivated. They can even continue using VPNGate, it'll just be less convenient because they have to find brand new nodes before you catch those.

  92.253.31.37 (talk) 17:39, 20 December 2024 (UTC)[reply]

  I'm not sure what you mean by "Japanese Laws" they keep mentioning they don't seem to mention any, when I told you that the ToS said don't do anything irl illegal I was referring to this ToS page which doesn't mention any "Japanese Laws" but just says don't do anything like CSAM like your government can subpoena us for, because we'll comply (and directions for LEOs to request this). Re reputation yes, the major VPNgate nodes that have done it for a while do have bad reputations, particularly 219.100.37.0/24 which is the example servers run by the university themselves - but as you said, because anyone can start a VPNgate server and then there's always brand new nodes that won't have bad reputations and can be abused. But - as I've stated in a different discussion above, the list of VPN servers to connect to only updates with new servers hourly, so while reputation services won't catch the new exit nodes (because they won't be used poorly enough to trigger flagging for a white), the bot constantly waits for updates to the list and then immediately tests it to determine the new egress IPs. Re commercial services generally, unlike VPNgate, they use datacenters and static IPs that are assigned to "Hotspot Shield, Inc." (as an example) so it's easy to CIDR range block them and also the reputation of those deteriorates over time as they do bad things - the companies don't randomly get new IPs in random locations around the world, like VPNgate. In fact commercial reputation services excel at identifying commercial services (from my testing), but VPNgate is community distributed, like Wikipedia, and needs a unique approach. And yes, as I said to Daniel, I'll admit that blocking VPNgate won't fully stop this LTA or all proxy vandals but VPNgate is quite a large and widely used network (claiming a total of 18,810,237,498 lifetime connections) that is currently almost fully permitted to edit Wikipedia (the bot currently has 146 IPs in its list and as shown by the stats section of the toolforge frontend, ~60% are currently unblocked (and this is an underestimate because the list is mainly the "obvious" ones that are always provided first in the 98 hourly sample, like 219.100.37.0/24. This is because the bot has only had 1 full run of all IPs in a given hour's list, and many failed partial runs of just the first couple. I think blocking VPNgate significantly reduces the surface area for proxy attacks - only looking at only 10 of the blocked IPs I see link spam, edit warring, block evasion, vandalism and our favourite WP:LTA. MolecularPilot ^{🧪️✈️} 08:38, 21 December 2024 (UTC)[reply]

  They mention Japanese laws repeatedly in the texts shown when you click the licence and notice buttons under Help > About of the SoftEther VPN Client Manager. It's a canned statement saying they only comply with Japanese laws because they can't possibly follow every law worldwide.
  

  the bot constantly waits for updates to the list and then immediately tests it to determine the new egress IPs Are you going to run multiple instances of the bot in parallel, because the 98 IP list you get per hour seems far from sufficient for make claims about a strong level of protection if there are ~6000 egresses, many of which churn. With your current setup, an abuser can get their own list refresh, which would be different from what the bot gets, run it past your very helpful :) IP check tool and then make edits from any IP not covered. Which may not be many, but they only need one out of their 98, so it's likely they'll get something as long as the volunteer swarm keeps changing.
  

  Getting a bit more facetious, VPNGate could conversely determine the IP of your bot and block it as a censorship agent. :) I really think it contradicts the spirit of their operation even if they haven't prohibited it explicitly, since you don't happen to be a state agent. This is just my conjecture, but I'm guessing that if you looked at your IP list edits without focusing solely on the abuse, you'd also see constructive edits coming from them, quite possibly from people using VPNGate to bypass state firewalls. I am well aware of Wikipedia open proxy policy, but it can make editing somewhat difficult for such people.
  

  These remain my two sticking points: while useful, the bot won't be quite as effective as you represent; and you're arguably abusing their service to operate yours.
  

  Once this bot starts issuing blocks, you should probably amend Help:I have been blocked to include verbiage about having used a VPN in the recent past, because this situation isn't really covered by the "you are using a VPN" or collateral damage statements. 211.220.201.217 (talk) 15:21, 21 December 2024 (UTC)[reply]

  VPNgate does not have as firm of a ground as you claim. Yes, companies have terms of use and those terms of use often have clauses of disputes being filed in their local country. However, as multiple attourneys have pointed out, this local dispute solving when dealing with an customer from abroad does not really work. In reality, VPNgate is forced to deal with international laws, because otherwise they will just lose their case. (one of the legal opinions supporting this: https://svamc.org/cross-border-business-disputes-company-use-international-arbitration/ )

  As far as blocks go, yes, they could block one user, but let me remind you that there are 120,000 active wikipedia users. The script could just be passed on between users until all of their IP ranges are blocked. They would lose that war, every time. Snævar (talk) 20:11, 21 December 2024 (UTC)[reply]

  I don't recall claiming anything about firm ground. I have a problem with the WMF or parties associated with it engaging in somewhat questionable practices, even if it is for a good cause. I'm OK with port scanning or getting data from an API, because that's external probing, but actually passing through someone's premises with the intent of later restricting their users is something I find objectionable, and it is my conjecture that VPNGate would think likewise. If VPNGate blocked one user's bot, that would simply be an indication that they object to such activities, and having a million other users on the ready to take over would change nothing about that, and I'm fairly certain the WMF does not subscribe to this sort of hackerish way of thinking anyway. VPNGate aren't outlaws against whom anything goes, they operate a prefectly legitimate service, albeit one that some people abuse. It's also possible that it's just me, and VPNGate themselves have no objection to any of this. The OP was going to ask them, so I presume they'll inform everyone about the response sometime soon. 220.81.178.129 (talk) 11:44, 22 December 2024 (UTC)[reply]

  Yes, this is definitely not something that should be adversarial or "us against them" and if they express concerns about this behaviour, we should totally not try and evade it - after all VPNgate does share our mission of spreading free knowledge to the world (and are very useful to spreading Wikipedia and other websites around the globe, it's just some bad actors taking advantage of the kind service of both the university and the volunteers creating a problem). We just need to find a way to work together to ensure that we both can continue to do our things. Being the holiday season, it's pretty busy for me and I'm sure the same is true for the operators so I will reach out in the new year re their thoughts on this. MolecularPilot ^{🧪️✈️} 04:45, 23 December 2024 (UTC)[reply]

  Hi! The abuser can't get their own list refresh seperate from what the bot sees, I guess I wasn't clear before but what I meant was that everyone gets the same 98 IPs every hour, and then the next hour another 98 are randomly selected to be shown to everyone.

  Re censroship/state agencies this doesn't help state agents or censorship at all, because they want to block the input/ingress IP addresses that citizens would use to connect to the VPN network, and knowing the egress that the VPN network uses to connect to servers doesn't help them at all. I have clarified this in the README.md now so anyone who sees the project will know that it can't be used for censorship.

  Re users bypassing state firewalls, they can still read and if they want to edit we have WP:ACC for that (abusers could go through acc I guess, but then they can't block evade once their account gets indef'ed - and VPNgate has been used a lot by link spammers, people who want to edit war (especially someone who got really upset about castes, I've seen a lot of edit warring from detected IPs about that) to evade the blocks on their main account).

  Btw, thank you for calling my tool helpful, I'm not the best at UI design but I tried to put some effort in and make it looks nice and have useful functions. Thank you to you as well for your time in providing soooo much helpful feedback to make the bot better. :) MolecularPilot ^{🧪️✈️} 03:52, 22 December 2024 (UTC)[reply]

  Also thanks for reminding me to provide guidance to users on this, I think the current WP:OPP block message doesn't really fit with the VPNgate mode of temporary volunteers (who the user effected might not even know about but could get a dynamic assignment with an IP blocked for a few days). I'll make a custom block template! :) MolecularPilot ^{🧪️✈️} 03:54, 22 December 2024 (UTC)[reply]

  Tada I guess... {{Blocked VPNgate}} Anyone reading this please feel comfortable to be WP:BOLD and make it better if you'd like, it's still a very early draft. :) MolecularPilot ^{🧪️✈️} 10:06, 22 December 2024 (UTC)[reply]

  While tone of you thanks seems to include some aspersions :), you're welcome if what I've said has helped you. If the list is the same for everyone, you can indeed be a lot more effective. My point about censorship was less about you helping state censors and more about you using the loophole that VPNGate haven't said anything about private actors, and giving the impression that abuse is the only thing it is being used for. 220.81.178.129 (talk) 11:39, 22 December 2024 (UTC)[reply]

  Oh no I'm really sad now, please don't take my tone when I thanked you in the wrong way (it can be both hard to express and pick up on the internet)! Maybe saying "sooooo" was a bit over the top, but you've genuinely gone back and forth with me a lot of times and always written detailed, logical suggestions or concerns to help, so genuinely, no sarcasm, thank you!!! :) MolecularPilot ^{🧪️✈️} 04:41, 23 December 2024 (UTC)[reply]

  All right then, and sorry about my tendency to lean a bit on the paranoid side. 159.146.72.149 (talk) 09:25, 23 December 2024 (UTC)[reply]

Take a look at (for example) http://fr.wiki.x.io/wiki/Wikip%C3%A9dia:Oracle#Li_M'H%C3%A2_Ong_(2). This seems to be typical of talk pages on frwiki. The threading of replies is so much easier to follow. Is this just some snazzier CSS they're using, or something fundamentally better to edit the pages? RoySmith (talk) 01:07, 18 December 2024 (UTC)[reply]

It looks like just some snazzy CSS. * Pppery * _{it has begun...} 01:09, 18 December 2024 (UTC)[reply]

I see no reason not to adopt the CSS over here, or some other form of threaded discussion by default.JayCubby 01:22, 18 December 2024 (UTC)[reply]

There are some gadgets that support it. I think ConvenientDiscussions is one of them. I'm not a general fan of the styling. Izno (talk) 02:08, 18 December 2024 (UTC)[reply]

A screenshot of Convenient Discussions for reference:

Threads are collapsible, and a change is coming that would allow to collapse/expand all replies to a comment in one click, similar to how you can do that on Reddit with a +/− button.

And, of course, pure CSS is only a half-solution here since markup and HTML produced by it are trickier and don't correspond to the actual comment structure as one-to-one. Jack who built the house (talk) 05:31, 20 December 2024 (UTC)[reply]

I'd love to see that too! – Closed Limelike Curves (talk) 23:06, 18 December 2024 (UTC)[reply]

I created my own experimental CSS stylesheet to add style formatting to discussion threads; see User:Isaacl/style/discussion-threads for an example of how it looks and instructions on using it. There is an accompanying user script to temporarily turn the style formatting off for the current page, should you want to see how the page looks by default. isaacl (talk) 02:25, 18 December 2024 (UTC)[reply]

I don't personally like that layout, but the customer is always correct in matters of taste I suppose? It's just styling hacks (see without). frwiki has thousands of lines of custom css being loaded by default (e.g. from w:fr:MediaWiki:common.css , w:fr:MediaWiki:Vector-2022.css, w:fr:MediaWiki:Gadget-Mobile.css). Someone could write a "pretty talk pages" script here, and if it was popular we could make it available as a gadget. — xaosflux ^Talk 14:53, 18 December 2024 (UTC)[reply]

What's been done in the past is A/B testing of different gimmicks by the WMF. I'd be curious to see the rate of abandoned comments now versus with a shiny new layout is. JayCubby 15:16, 18 December 2024 (UTC)[reply]

My stylesheet continues to be used by (double-checks)... only me. I like it, but it's not evident yet that there's a significant demand for different styling of discussion threads. isaacl (talk) 18:17, 18 December 2024 (UTC)[reply]

That looks HIDEOUS. All the boxes and colors distract me from the text. I would find it harder to follow those conversations. --User:Khajidha (talk) (contributions) 15:51, 18 December 2024 (UTC)[reply]

The threading is entirely frwiki's custom CSS. It's pretty easy to do, with how talk pages use nested definition-list syntax for discussions already; body.ext-discussiontools-replytool-enabled dd { border-left: 2px solid lavender; padding-left: 1ex; } gets you about 95% of the way there. There's plenty of room to get fancier, of course. (And sometime people use unordered lists instead, which would need to be handled separately.)

There's also a visible difference since enwiki is the only place that the DiscussionTools "visual enhancements" haven't been turned on yet (T379102). That's why they have the fancier thread summaries in the topic list and under the headings, and the more button-like reply links. If you're curious what that'd be like here, you can turn it on with the dtenable URL parameter.

We did experiment with going much further in page-reformatting with DiscussionTools as well. You can see our structure-debug page for an example of that. It's actually what the talk pages in the mobile apps use now -- they get the talk page data from the DiscussionTools API and build the view from that, rather than from the normal wikitext render. DLynch (WMF) (talk) 16:39, 18 December 2024 (UTC)[reply]

This looks so cool! I'm really looking forward to it on enwiki :) any way I can opt-in to DiscussionTools improvements like this sooner? – Closed Limelike Curves (talk) 03:45, 19 December 2024 (UTC)[reply]

You can enable DiscussionTools in the beta menu. I don't know where that's located in Vector 2022's menu (I use MonoBook), but it's in there. ♠JCW555 (talk)♠ 04:46, 19 December 2024 (UTC)[reply]

Right, I have it on, but it looks like FrWiki and other wikis are using a newer version with more features (which is what I'm interested in). – Closed Limelike Curves (talk) 19:46, 19 December 2024 (UTC)[reply]

For the record, those boxes don't show up on mobile. That issue, combined with the fact that replies aren't as far apart in the new version, makes it harder for mobile users to tell who is replying to who compared to the current version. QuicoleJR (talk) 19:05, 19 December 2024 (UTC)[reply]

Woah, it looks like MediaWiki has an even nicer talk page GUI? Any way I can enable that on all wikis? – Closed Limelike Curves (talk) 19:56, 19 December 2024 (UTC)[reply]

I have since learned that this would be a terrible idea. (I still like the look, though, and it would be great to have some way to sort threads by age.) – Closed Limelike Curves (talk) 20:14, 19 December 2024 (UTC)[reply]

It would be indeed great to have more control over sorting threads, especially since there are a number of wikis (including the main wiki I contribute to, Russian Wikipedia) which have to resort to bad hacks to display certain forum pages in recent-oldest sorting order and not oldest-recent as it is default. It would’ve been great to see these hacks made obsolete with DiscussionTools, see phab:T313165, but AFAIK no one actively develops it any more, so I guess we’ll have to wait till WMF decides to fund it again. stjn 21:40, 19 December 2024 (UTC)[reply]

That's Flow. It failed for complicated reasons, has limped along unmaintained since 2016-ish, and is currently in the process of being completely removed now that DiscussionTools was deployed as the outcome of the 2019 talk pages consultation. DLynch (WMF) (talk) 20:20, 19 December 2024 (UTC)[reply]

This is also as ugly as homemade sin. Way too much whitespace.--User:Khajidha (talk) (contributions) 20:47, 19 December 2024 (UTC)[reply]

I don't know if it's just me noticing something that has been there for a long time, or if something new is happening, or if my CSS or browser is to blame, but I am noticing undesirable line wrapping that I have not seen before. I am seeing references after full stops (periods) that wrap to the next line. I'm seeing the ")" in "f/16)" (in the lead of Exposure value) wrapping to the next line. And I think one other kind of wrapping that should not be happening but that I can't remember at the moment. I don't think this sort of wrapping was happening before; references stayed with the preceding punctuation, and a closing parenthesis would stay with the text that preceded it. I could be wrong or misremembering, of course. My gut feeling is that I just started noticing it in the last month or so.

If it's just me, I'll live with it, but I thought I would post here to see if this prompts anyone else to chime in. I am using Vector 2022 on the latest Firefox for Mac OS. I can link to example pages and even provide screen shots as needed. – Jonesey95 (talk) 01:01, 19 December 2024 (UTC)[reply]

I am seeing references after full stops (periods) that wrap to the next line.

This has unfortunately always been the case. I found Phab tasks and comments documenting this going back to 2016: T100112#2027495, T125480. There have been cases where line wrapping around references behaved even worse than that (interesting ones I found: T96487, T110057, T132255), and those have been fixed.

I'm seeing the ")" in "f/16)" (in the lead of Exposure value) wrapping to the next line

I can reproduce this, screenshot for reference: F58028918. This is caused by using display: inline-block; in the template {{f/}} (basically the same issue as T110057 mentioned above, actually). It was added not quite a year ago: [1]. I'm not sure what these rules are for, but someone could probably find a way to do this differently and avoid the problem.

And I think one other kind of wrapping that should not be happening but that I can't remember at the moment.

Well, it's a bit tricky to guess from that ;), but my crystal ball shows me you're thinking of T353005, where some error and warning messages now break words with hyphens when wrapping lines, starting also about a year ago. I heard a few people complain about that and I find it a bit unpleasant myself. Did I guess right?

Matma Rex talk 01:54, 19 December 2024 (UTC)[reply]

Adding a ‍ after the span in {{f/}}, as shown in Special:Diff/1263967231, would at least fix the issue in that template. --Ahecht (TALK
PAGE) 17:15, 19 December 2024 (UTC)[reply]

The problem with NOT wrapping (especially when dictated by templates), is that it works for 90% of the cases. But there is also the 10% of cases where the value is too small to fit in the infobox or on a mobile screen in 1 line. But the templates can't make that distinction, so it's generally a bad idea to put 'no wrap' as a default in a template. Overall it is better to depend on the browser to mostly do things right and not fret too much about the occasional times that it gets it wrong. Because flipping that assumption around tends to create harder to maintain wikitext that gets it wrong about the same or even more often. —TheDJ (talk • contribs) 09:36, 19 December 2024 (UTC)[reply]

Thanks for the responses. As I said, I really can't tell if I'm seeing something new, or if I noticed one and now the Baader-Meinhof phenomenon is in effect. If I see something really egregious, I'll take a screen shot. – Jonesey95 (talk) 15:50, 19 December 2024 (UTC)[reply]

i want to add the contentious topics/aware template to the top of my talkpage, but the list of topic codes says to substitute the template so i did but the israel/palestine topic code did not display. how do i include the topic code? Daddyelectrolux (talk) 19:04, 19 December 2024 (UTC)[reply]

@Daddyelectrolux You don't need to subst that template, you would just do {{Contentious topics/aware|a-i}}. --Ahecht (TALK
PAGE) 19:51, 19 December 2024 (UTC)[reply]

the topic codes page states that the template should be substituted. perhaps that should be removed, to avoid new people from make my same mistake? thank you User:Ahecht. :) Daddyelectrolux (talk) 00:23, 20 December 2024 (UTC)[reply]

@Daddyelectrolux: You wanted to use Template:Contentious topics/aware which doesn't say to use subst. Template:Contentious topics/table is used to document other templates and it varies whether they require subst. I have added this to the documentation.[2] PrimeHunter (talk) 12:14, 20 December 2024 (UTC)[reply]

To be fair, up until yesterday Template:Contentious topics/aware/doc just linked to Template:Contentious topics/table. I updated it so that it properly transcludes the table, which hides the subst: syntax. --Ahecht (TALK
PAGE) 15:27, 20 December 2024 (UTC)[reply]

Hi! Hopefully this is the right place to put this. Template:Cite RCDB's documentation contains a suggested user script to add the template to RefToolbar 2.0. However, it imports User:Mr.Z-man/refToolbar 2.0.js, which hasn't been a think since 2013. On the page is now a note saying "This script is now enabled by default." The existing script, however, does not work out of the box, throwing the error below. If someone who knows JS could help modify the script to work without the linked user script, that would be great!

VM385:2 Uncaught ReferenceError: $j is not defined
    at <anonymous>:2:913
    at globalEval (startup.js:1141:17)
    at runScript (startup.js:1292:6)
    at enqueue (startup.js:1179:5)
    at execute (startup.js:1399:5)
    at doPropagation (startup.js:748:6)

Plighting Engineerd (talk) 01:38, 20 December 2024 (UTC)[reply]

The instructions were VERY VERY outdated. I have updated them and tested the 'new' fragment and it works. —TheDJ (talk • contribs) 10:43, 20 December 2024 (UTC)[reply]

Thanks so much! Works perfectly now! Plighting Engineerd (talk) 13:23, 20 December 2024 (UTC)[reply]

I was unable to complete an edit a few minutes ago. I got an error message saying the site was under maintenance. Clicking on "back" did get me the edit I was trying to make and a few seconds later I was successful.

I posted just for documentation but I am having difficulty with a site that is very slow and I came here to do an edit to have something to do while waiting for pages on that slow site to come up. The slow site slows everything else down.— Vchimpanzee • talk • contributions • 21:21, 20 December 2024 (UTC)[reply]

I wanted to save an edit containing a link to tradingview.com but it keeps showing a message:

"Your edit was not saved because it contains a new external link to a site registered on Wikipedia's blacklist or Wikimedia's global blacklist. [...] The following link has triggered a protection filter: tradingview.com [...]"

So I tried to figure out whether I shouldn't use that website as a source and on what blacklist that website is supposed to be but I couldn't find anything. Is that a bug? Killarnee (talk) 14:18, 21 December 2024 (UTC)[reply]

It's on the global blacklist at meta:Spam blacklist. Anomie⚔ 14:29, 21 December 2024 (UTC)[reply]

Yeah. It was added in October 2017. See the request and link report. – Daℤyzzos (✉️ • 📤) Please do not ping on reply. 14:44, 21 December 2024 (UTC)[reply]

Hm now I found it too, somehow the find tool in Safari wasn't able to find it. Thanks you both. Looks like I have to search for another source. Killarnee (talk) 14:58, 21 December 2024 (UTC)[reply]

When I try to view this special page I just get the following error:

[8f6642e6-42f2-4bba-8e7d-01bac9220c2f] 2024-12-21 18:40:02: Fatal exception of type "Wikimedia\RequestTimeout\RequestTimeoutException"

Is anyone else getting this error when viewing that page? Thanks. 2A0E:1D47:9085:D200:E9BC:B9ED:405A:596B (talk) 18:42, 21 December 2024 (UTC)[reply]

It works now. Problems come and go. I had to restart my phone half an hour ago to get something to work. Extra: That was a problem with an app on my phone (nothing to do with Wikipedia). Johnuniq (talk) 03:10, 22 December 2024 (UTC)[reply]

I see a similar error when I try to check logs for Special:Log/ProcseeBot. [1d666f00-ed84-4e73-928d-04edc6edc844] 2024-12-22 10:33:05: Fatal exception of type 'Wikimedia\Rdbms\DBQueryTimeoutError'. – DreamRimmer (talk) 10:39, 22 December 2024 (UTC)[reply]

Likely also worth noting that, above the error, it says To avoid creating high database load, this query was aborted because the duration exceeded the limit. Though I suppose that's the definition of a timeout... – Daℤyzzos (✉️ • 📤) Please do not ping on reply. 15:43, 22 December 2024 (UTC)[reply]

Tracked at phab:T325062. – DreamRimmer (talk) 18:00, 22 December 2024 (UTC)[reply]

When the {{Infobox government agency}} template is included into some page, SVG images inside it have their colors inverted if the dark mode is on. See, for example, the article United States Department of State, specifically the seal: it should have dark blue outter ring, white inner circle with a brown eagle, but instead you can see the seal with a bluish-white outter ring, black inner circle with an orange eagle. Looked at several other infobox templates, none of them have a simmilar issue. Also, only vector images are affected by this, raster images are not. I wanted to try to debug it, but the template is fully protected. Tohaomg (talk) 17:30, 22 December 2024 (UTC)[reply]

@Tohaomg it's most likely this edit by @Jonesey95: that has introduced the behaviour. Probably best discussed at Template talk:Infobox government agency. Nthep (talk) 18:04, 22 December 2024 (UTC)[reply]

See the previous discussion. A more comprehensive fix is welcome. The sandbox is open for anyone to edit. – Jonesey95 (talk) 18:57, 22 December 2024 (UTC)[reply]

This is not an acceptable solution, please revert. Sjoerd de Bruin (talk) 20:52, 22 December 2024 (UTC)[reply]

The reason skin-invert worked for signatures was that white writing paper is common and even though colors in pens is varied, the most commonly used ones are dark.

Logos are not created on the basis of a palette of colors, unlike signatures. Logos are created to be visible and understandable from far away and close up. As such, they should not be inverted at large.

I consider the edit request in the template to be unactionable, as it did not ask for any particular solution, not even a hint at one. Snævar (talk) 23:24, 22 December 2024 (UTC)[reply]

I'm not sure why people are continuing to reply here. This discussion will be lost in the archives of VPT; please post at the template talk page with comments, suggestions, proposed fixes, or requests. – Jonesey95 (talk) 06:00, 23 December 2024 (UTC)[reply]

@Jonesey95: I am not buying that argument for one second, also you are refusing to talk about the issue itself. Stop this bureaucratic nonsense. Most issues are solved during discussion not after, it being "lost in the archive" is a non starter as an argument. Clearly neither myself or Sjoerddebruin are going to move this discussion to the template talk page. If you continue attempting to refrain from discussing about the issue itself, consider this your first warning. I would also like to voice my disappointment of how you are handling this, I do expect better than this. Snævar (talk) 09:24, 23 December 2024 (UTC)[reply]

Responding like this and bypassing the instructions that are clearly indicated at the top of the template page is really something, especially with an unsure edit summary. Sjoerd de Bruin (talk) 09:32, 23 December 2024 (UTC)[reply]

I wasn't discussing the issue here because of WP:MULTI. See the template's talk page for further discussion. I have reverted the change and continue to welcome a better way to fix the problem that was identified and that is still present. – Jonesey95 (talk) 15:55, 23 December 2024 (UTC)[reply]

I wonder if anybody remembers some technical details of the use of File:Wiki.png for the logo in the top-left corner during the 2000s (not limited to enwiki). This discussion led me to asking this. I found some clues on Commons – quoting myself from the aforementioned discussion:

The log for File:Wiki.png shows two interesting entries:

• protection, 11 July 2005: it's the sitewide logo in the upper left corner. Very bad if it were to get vandalized.
• deletion, 7 October 2005: block upload of local logos for other wikis. Commons now uses Image:Wiki-commons.png as the site-wide logo. See also Template:Deletion_requests#Image:Wiki.png.

commons:Commons:Deletion_requests/Archive/2005/09#Image:Wiki.png is also interesting. [...]:

Image:Wiki.png should be moved to a different name (already re-created at Image:Wiki-commons.png) as it currently is aliasing that name on every wiki project and therefore not allowing local logos on those projects. Tim has already changed the logo location, so it shouldn't break the commons logo, but we should wait about a week before moving it to give time for the caches to update. The logo is now hardcoded so there is no need to protect this specific image.

Does anybody remember any further details?

Thanks, Janhrach (talk) 20:59, 22 December 2024 (UTC)[reply]

I don't really remember, but we have historical records of the configuration going back to 2012. The current system, where logos of each wiki are stored in the configuration, was introduced in 2015 in change 209616 and other commits around that time. Wikis had the option to use the locally uploaded Wiki.png as a logo until 2017, when it was removed in change 359037. Alas I don't really know the historical context around these changes, I just found them in the history. Matma Rex talk 14:13, 23 December 2024 (UTC)[reply]

Thanks. Janhrach (talk) 14:17, 23 December 2024 (UTC)[reply]